PT-2019-18724 · Pmd · Pmd

Jsotuyodo

Published

2019-02-11

Updated

2022-05-14

CVE-2019-7722

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PMD versions 5.8.1 and earlier

Description The issue allows attackers to tamper with XML external entities in ruleset files, potentially leading to information disclosure, denial of service, or request forgery attacks. This can be achieved through direct modification or man-in-the-middle (MITM) attacks when using remote rulesets.

Recommendations For PMD versions 5.8.1 and earlier, update to a version that incorporates the changes made on 2017-09-15, which are included in PMD 6.x.

Exploit

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2019-7722

GHSA-57QJ-79GH-69W8

Affected Products

Pmd

PT-2019-18724 · Pmd · Pmd

CVE-2019-7722

Weakness Enumeration

Related Identifiers

Affected Products

References · 5